Category Archives: PHP

Behaviour : Using CSS selectors to apply Javascript behaviours

Lurvely! This is a very neat method for removing Javascript from html pages! Embed it in the CSS! (sort of!)
He has a couple of examples on his page, and it looks easy enough in principle. The devil’s in the details don’t you know but it looks like it’s worth trying!
He’s a busy beaver too.. he has an MVC framework and tutorial that steps you through an example.

Lighttpd, fastcgi, php and eAccelerator

lighttpd is a lightweight httpd server I came across on (thanks michel_v!)
It took a while but I got it working on a server and it’s rather nice. You can run php scripts through it using the fastcgi interface. Here’s how I installed it on a Debian machine. Lines starting with “#” are commands that should be entered as the root user. (lots ripped from this tutorial)

# wget http://www.lighttpd.net/download/lighttpd-1.3.13.tar.gz
# tar zxvf lighttpd-1.3.13.tar.gz
# cd lighttpd-1.3.13
# dpkg-buildpackage

dpkg-buildpackage can be found in the package “cvs-buildpackage”. You’ll have to install a number of dependencies before this works. Just apt-get install packagename them as they come up.

# cd ..
# dpkg -i lighttpd_1.3.13-1_i386.deb

This will install lighttpd and start it.
Now you need to install and configure php:

# apt-get install php4-cgi
# vi /etc/lighttpd/lighttpd.conf

Look for the fastcgi.server section for php4 and change it so it looks like this:

fastcgi.server = ( ".php" =>
  ( "localhost" =>
    (
      "socket" => "/tmp/php-fastcgi.socket",
      "bin-path" => "/usr/bin/php4-cgi"
    )
  )
)

Download eaccelerator from their site and follow the instructions in the README. If you haven’t got phpize then install php4-dev.
Open up /etc/php4/cgi/php.ini and add the following at the top of the file:

  extension="eaccelerator.so"
  eaccelerator.shm_size="32"
  eaccelerator.cache_dir="/tmp/eaccelerator"
  eaccelerator.enable="1"
  eaccelerator.optimizer="1"
  eaccelerator.check_mtime="1"
  eaccelerator.debug="0"
  eaccelerator.filter=""
  eaccelerator.shm_max="0"
  eaccelerator.shm_ttl="1800"
  eaccelerator.shm_prune_period="1800"
  eaccelerator.shm_only="0"
  eaccelerator.compress="1"
  eaccelerator.compress_level="9"
  eaccelerator.content="shm_and_disk"

You’ll have to create the tmp directory yourself. Read the README file and config docs for instructions on using the web frontend to the accelerator.

I think that’s it, have I forgotten anything?

Smarty Sample Application: Guestbook

Ooh nice. Monte Ohrt wrote a guestbook as a demonstration of how to use Smarty to seperate presentation and code.
It’s well laid out and described in detail. If you’ve wondered what this Smarty thing is take a look at this and read through it a few times.
Later… PHP Guru has a guide to setting up an application’s structure which is worth a look!
My Top Two PHP Security Practices (via phpcomplete)
Synamic Typing (via PHP Everywhere)
lighttpd – lighttpd a secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make lighttpd the perfect webserver-software for every server that is suffering load problems. (via michel_v on IRC)

SAJAX – Simple Ajax Toolkit by ModernMethod – XMLHTTPRequest Toolkit for PHP

Now that XMLHTTPRequest has been renamed Ajax by Joe Public, it’s gaining more and more attention.
SAJAX is another toolkit, along the same lines as JPSpan in that you can call PHP functions directly from your web browser. The latest release also has backends for Perl and Python. Other language backends are a possibility if they’re contributed.
One major drawback of this project in it’s current state is, “Lack of type checking and support for rich return types”. JPSpan allows complex data types such as arrays to be passed back and forth between Javascript and PHP and from what I can see of the examples, SAJAX doesn’t support asynchronous calls either, yet.

multiplication example

/* PHP */
function multiply($x, $y) {
  return $x * $y;
}

/* JAVASCRIPT */
function do_multiply() {
  // get the folder name
  var x, y;

  x = document.getElementById("x").value;
  y = document.getElementById("y").value;
  x_multiply(x, y, do_multiply_cb);
}

Bye bye Referer Spammers!

Take a quick look at your logfiles any time and you’re likely to see referer spam in there somewhere. Not only do those requests pollute your log files and stats pages, but they also consume resources on your server when you serve them pages that aren’t even going to be viewed by anyone. Here’s one way of stopping the spammers eating into your server resources:

  • Look through your logfiles and examine the referers. Here’s a quick bit of code to do that. (Remove the backslashes (“\”) from before double quotes. WP is putting them in on me!) :
    awk '{print $11}' < /var/log/apache2/access_log| sort|uniq -c|sort -r|grep -v "mydomain.com"|less
  • Copy and paste any likely looking referer spam sites somewhere else for safe keeping. The ones that use most of your resources will be at the top of the list.
  • Add this code to some page that every page on your site loads, it should be included before main execution of the page occurs. Fill in the array of referer sites with the list your assembled from your log file. I’ve added a few from this morning’s log file. 
    if( isset( $_SERVER["HTTP_REFERER"]  ) )
{
    $referers_to_avoid = array(
            "ttp://texas-holdem.andrewsaluk.com",
            "ttp://www.highprofitclub.com/",
            "ttp://www.sex4singles.com/",
            "ttp://www.parishillton.com/",
            "ttp://www.moneylinebet.com/",
            "ttp://www.free-hentai-anime-sex.com",
            "ttp://www.bondage-bdsm.us",
            "ttp://www.handjob-movies.us",
            "ttp://www.zoothumbnails.com",
            "ttp://www.bestiality-animal-sex-stories.com",
            "ttp://www.gay-men-sex-movies.com",
            "ttp://russ-darrow-kia.gq.nu/",
            "ttp://nissan-xterra.sbn.bz/",
            "ttp://nissan-thermos.gq.nu/",
            "ttp://folding-chair.wol.bz/",
            "ttp://www.xcites-0-cost-interracial-cum-teen-sex-movie.com"
    );
    while( list( $key, $val ) = each( $referers_to_avoid ) )
    {
        if( strpos( $_SERVER["HTTP_REFERER"], $val ) )
        {
            die();
        }

    }
}
  • Add an error_log() to the “if” condition to spot when a spammer visits.
  • Add this to index.php of a WordPress installation to protect your blog and make your legitimate requests go that much faster!

PHP Future – Java or Simplicity

Conflict PHP is an opinion piece on the state of PHP. PHP5 (which I haven’t tried yet) is going down the road of Java and copying it’s object model and other ideas.
That’s no bad thing but most PHP developers surveyed don’t want that.
Adoption of PHP4 was much faster than PHP5 is, possibly because there was such a huge difference between versions 3 and 4. If PHP5 features were really “must haves” then people would be crying out for them. Zend is getting more “corporate” and I hope it doesn’t backfire on them!
John Lim has more on the issue.

Validate Email Address in PHP

It’s a common task but one that I haven’t looked at in as much detail as this devshed article. There’s a few bugs in the code, and a function was posted to the comments that’s all over the place.. here’s the same PHP function, cleaned up, to verify an email address. Note that it won’t work in Windows as-is because “checkdnsrr()” isn’t available on Windows platforms. (Remove the \ characters from before the ” characters surrounding the regex.. WordPress adds them when I post this. *grrr*)

function checkEmail($email)
{
  // checks proper syntax
  if( !preg_match( "/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $email))
  {
    return false;
  }

  // gets domain name
  list($username,$domain)=split('@',$email);
  // checks for if MX records in the DNS
  $mxhosts = array();
  if(!getmxrr($domain, $mxhosts))
  {
    // no mx records, ok to check domain
    if (!fsockopen($domain,25,$errno,$errstr,30))
    {
      return false;
    }
    else
    {
      return true;
    }
  }
  else
  {
    // mx records found
    foreach ($mxhosts as $host)
    {
      if (fsockopen($host,25,$errno,$errstr,30))
      {
        return true;
      }
    }
    return false;
  }
}
Close

Ad-blocker not detected

Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Here are a few options.

  • uBlock Origin is a free, open source, ad blocker for your browser.
  • Use pi-hole if you have a spare Raspberry Pi on your network.
  • Set the private DNS settings on your phone to dns.adguard.com to block adverts and trackers.